How to Conduct a Technology Inventory Audit

The Information Systems Audit and Control Association defines "audit" as a "formal inspection and verification to check whether...efficiency and effectiveness targets are being met." Simplified, an information technology audit is the process of identifying the current and future goals of an organization, identifying the types and amounts of information technology employed within the organization, and determining whether there is enough of each type of technology to adequately facilitate the goals. The information systems audit identifies the strengths and weaknesses within an organization's current information systems infrastructure and the changes required for meeting growth goals.

Step 1

Choose a qualified individual or team to conduct the audit. Ideally, the individuals should be certified. The Information Systems Audit and Control Association offers the Information Systems Auditor certification. The purpose of this certification is to ensure the auditor meets a required level of knowledge concerning the information systems audit process via the ISACA's examination, provide a mandatory code of professional ethics for the auditor and ensure continuing education for up-to-date credentials.

Step 2

Identify the organization's current and future goals. An organization's goals usually target both internal excellence and results-oriented goals related to the organization's bottom line, such as target sales figures. Identify what goals the organization has for its employees' job performances, and those concerning the organization's bottom line. Look also at what goals the organization has for the future both for internal operations and for bottom-line growth.

Organize the audit by breaking the various types of technology used by the organization down into individual categories. Some such categories include information systems management and architecture; client-server, telephony and intra- and extra-nets; security; and networking.

Step 4

Analyze each category for effectiveness and adequacy as compared to the organization's identified goals. Answer such questions as, "Do we have enough enough equipment and personnel in each category to meet current goals?," "What holes exist in the current technology scheme that prevent the attainment of our goals?" and "What do we need to add in terms of systems and personnel to achieve desired growth into the future?"

Step 5

Publish the results of the audit internally to put all personnel on notice as to what is working and what is not working within each technology platform. Publishing audit results ensures credit is given for what is working and notices those responsible. It also supports changes in internal structure and personnel to correct what is not working. Lastly, it puts personnel on notice of what future goals the organization holds and what the organization's expectations are for meeting those goals.

Step 6

Act upon the audit's results by making the changes and/or additions to the current technology infrastructure to bring it in line with current and future goals. Use audit results as a baseline for future audits. Compare the results of the next audit with current results to ensure technology changes and additions are producing desired results. Adjust inventory in terms of both systems and personnel as necessary in each category to keep the technology infrastructure on track with current and future goals.

Photo Credits

Have Feedback?

Thank you for providing feedback to our Editorial staff on this article. Please fill in the following information so we can alert the Small Business editorial team about a factual or typographical error in this story. All Fields are required.